Now it’s time to create the folder that will hold your Solr index and documents. We also have to copy a basic Solr structure into it. Fortunately, Solr ships with a predefined structure that includes preconfigured files. Make sure there is plenty of space wherever you place this folder, since it can grow a lot. Note that this folder can live outside your Tomcat webapps folder.

2. Create a file called .simplecov in the root directory of your project

require 'simplecov-rcov'
class SimpleCov::Formatter::MergedFormatter
  def format(result)
    SimpleCov::Formatter::HTMLFormatter.new.format(result)
    SimpleCov::Formatter::RcovFormatter.new.format(result)
  end
end
SimpleCov.formatter = SimpleCov::Formatter::MergedFormatter
SimpleCov.start 'rails' do
  # any custom configs like groups and filters can be here at a central place
  add_filter "/vendor/"
end

3. Update spec/spec_helper and features/support/env.rb to require simplecov. Add this after require 'rubygems' but before everything else:

require 'simplecov'

4. In Jenkins, enable displaying the output by adding the 'Publish rcov report' post build action in your project Jenkins configuration and pointing it at the coverage/rcov directory

5. See beautiful reports in Jenkins, and also locally when you've run the tests

Bundler Audit is a gem that reports on vulnerable gems in your Gemfile. It's similar to Gemnasium or https://hakiri.io/facets but can be integrated into Jenkins more easily. It's also recommended by the Brakeman people.

Install

Add the following to your Gemfile in the development group:

gem 'bundler-audit'

Run

bundle install

Run Locally

Run

bundle-audit update
bundle-audit

This will output any vulnerable gem versions you have, or a nice green message if you're OK.

Integrate with Jenkins

To display the results on the project home page

Add the following to your "Execute Shell" build step:

bundle-audit update
bundle-audit > bundle-audit.txt

Then under "Post build actions", add "Publish rich text message"

Select "confluence" markup, and paste the following:

h2. Bundle Audit Results
${FILE:bundle-audit.txt}

Now re-run your build and the results will display

Take it a step further and make Jenkins fail when there are vulnerable gems

Modify your execute shell build step to check the output of bundle-audit. Here's a simple example script which does this (see SnapDeploy for example)
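
One way to write that check, as an added example rather than the script this post refers to. The function names, exit codes, the RUN_AUDIT_GATE switch and the verdict strings matched in the report are assumptions of this example; adjust the strings to what your bundler-audit version prints.

```shell
#!/bin/sh
# Added example: fail a Jenkins "Execute Shell" step on bundle-audit findings.
# REPORT is the file name used earlier on this page; function names, exit
# codes and the matched verdict strings are assumptions of this example.
REPORT="${REPORT:-bundle-audit.txt}"

# audit_gate FILE -> 0 clean, 1 vulnerable gems or insecure sources reported,
# 2 report missing, empty or without a verdict (a failure, never a pass).
audit_gate() {
  report="$1"
  if [ ! -s "$report" ]; then
    echo "audit gate: '$report' is missing or empty" >&2
    return 2
  fi
  # Check the failure marker first so a mixed or appended report still fails.
  if grep -Eq 'Vulnerabilities found|Unpatched versions found' "$report"; then
    count=$(grep -c '^Name: ' "$report" || true)
    echo "audit gate: $count advisory entries in $report" >&2
    return 1
  fi
  if grep -Eq 'No vulnerabilities found|No unpatched versions found' "$report"; then
    return 0
  fi
  echo "audit gate: no bundle-audit verdict in '$report'" >&2
  return 2
}

# Jenkins runs the step with "sh -xe", so bundle-audit's own non-zero exit
# must not abort the script before the report is written and checked.
run_audit_step() {
  bundle-audit update || return 2      # a stale advisory DB is a failure too
  bundle-audit > "$REPORT" 2>&1 || true
  cat "$REPORT"                        # keep the findings in the console log
  audit_gate "$REPORT"
}

# Assumed switch: set RUN_AUDIT_GATE=1 in the Jenkins job to run the gate.
if [ "${RUN_AUDIT_GATE:-0}" = "1" ]; then
  run_audit_step
fi
```

Treating an empty or unrecognised report as a failure means a crashed or missing bundle-audit cannot be mistaken for a clean result.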